Policy
Set the DPAPI backup keys rotation period
Microsoft Windows
Policy overview
Key metadata and intent for this policy.
Supported OS tags: WindowsServer2016
This policy setting specifies the DPAPI backup keys rotation period. You can use this setting to override the default value of 90 days. Set 0 to disable the DPAPI backup keys rotation. If you enable this policy setting, set the number of days that the system waits before generating a new DPAPI backup key. If you disable or do not configure this policy setting, the default value of 90 days is used.
Internal name
DomainBackupKeyRotationPeriod
Policy ID
1ac8c0cec32b
Elements
1
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Scope | Element | Type | Registry mapping | Constraints & behavior | Copy |
|---|---|---|---|---|---|
| Computer | Specify the DPAPI backup keys rotation period in days.
Set 0 to disable the DPAPI backup keys rotation. ID DPAPI_DomainBackupKeyRotationPeriod_Prompt | decimal | Path Software\Policies\Microsoft\Windows\DPAPI Value name DomainBackupKeyRotationPeriod Type REG_DWORD | Range: 0 to 18262 |
Specify the DPAPI backup keys rotation period in days.
Set 0 to disable the DPAPI backup keys rotation.
Registry mapping
Path
Software\Policies\Microsoft\Windows\DPAPI
Value name
DomainBackupKeyRotationPeriod
Type
REG_DWORD
Details
Range: 0 to 18262